By Staff Reporter
WINDHOEK, December 17 — The Communications Regulatory Authority of Namibia (CRAN) has confirmed a data exfiltration attack targeting one of the country’s telecommunication operators. This incident underscores the urgent need for enhanced cybersecurity measures to protect Namibia’s critical infrastructure, information systems, and consumer data.
The Namibia Cyber Security Incident Response Team (NAM-CSIRT), housed at CRAN, immediately took action upon identifying the breach and is actively supporting the affected operator to mitigate the impact. NAM-CSIRT, established by the Namibian Government, serves as the nation’s focal point for addressing and coordinating responses to cybersecurity incidents, particularly those affecting Critical Infrastructure (CI) and Critical Information Infrastructure (CII).
The breach, detected on December 11, 2024, through reliable threat intelligence, involved data exfiltration allegedly carried out by the Hunters International ransomware group. NAM-CSIRT swiftly informed the operator, initiated investigations, and began assessing the extent of the breach.
CRAN Chief Executive Officer and Head of NAM-CSIRT, Mrs. Emilia Nghikembua, emphasized the importance of addressing cybersecurity incidents, stating:
“We take cybersecurity very seriously, particularly when incidents affect critical infrastructure and consumer data. NAM-CSIRT has been working diligently with the operator to contain and address this breach. This incident highlights the need for vigilance and collaboration to counter the evolving cyber threats facing our nation.”
NAM-CSIRT has been directly engaging with the affected operator, facilitating critical phases of incident response, including preparation, identification, containment, eradication, recovery, and drawing lessons from the breach. The team is committed to providing ongoing support to strengthen Namibia’s cybersecurity framework.
Although Namibia lacks dedicated Cybercrime and Data Protection legislation, NAM-CSIRT adheres to international best practices in incident response. CRAN has urged all operators and owners of CI and CII to implement globally recognized cybersecurity standards, such as encryption, regular security assessments, and advanced protection measures.
Mrs. Nghikembua further called for collective action, saying:
“Protecting national critical infrastructure requires strategic planning, proactive measures, and a commitment to global standards. Stakeholders must invest in robust cybersecurity practices and promptly report incidents to NAM-CSIRT to ensure timely and effective responses.”
To reduce the risk of future cyberattacks, NAM-CSIRT recommends implementing measures such as multifactor authentication, regular vulnerability scans, timely software updates, network segmentation, and advanced threat detection tools.
This incident highlights the growing cyber risks to CI and CII and the necessity for coordinated efforts to safeguard national assets. CRAN, through NAM-CSIRT, remains dedicated to addressing cybersecurity challenges and assisting stakeholders in minimizing their impact.
